Rich Products Data Breach Lawsuit Investigation
Received an April 2026 breach notice from Rich Products?
Dapeer Law, P.A. is investigating a potential class action involving Rich Products Corporation, a Buffalo, New York based global food manufacturer, on behalf of current and former personnel whose personal information may have been exposed when an email account at its background-screening vendor was compromised in the late 2025 cyber incident.
Who may qualify
You may be eligible to participate in a class action if any of the following applies:
- You received a data breach notification letter from Rich Products dated April 2026.
- Your letter offered enrollment in free Cyberscout credit monitoring and identity-restoration services (a TransUnion company).
- You are a current or former Rich Products employee or job applicant whose personal information was handled by its background-screening vendor, First Advantage.
- No proof of harm required to consult with counsel. You do not need to have already suffered identity theft to explore your legal options.
- Excluded: individuals who did not receive a breach notice and whose information was not involved in the incident.
Not sure if you qualify?
Send us your notice, we'll confirm your eligibility at no cost.
What happened
According to a notice filed with the Maine Attorney General on May 27, 2026, the First Advantage Drug & Occupational Health Screening unit discovered on November 17, 2025 that an unauthorized party had infiltrated a single employee's email account through a phishing attack. The investigation determined that the attacker first gained access on or about November 13, 2025 and downloaded the entire contents of that mailbox. First Advantage provides background-screening services, and the compromised inbox contained personal information connected to people screened on behalf of its clients.
Rich Products Corporation later received confirmation that personal information belonging to its current or former personnel was among the data contained in the compromised mailbox. The company began mailing notification letters dated April 21, 2026, roughly five months after the incident was discovered. The publicly filed copy of the letter redacted the specific categories of data involved, so the exact information elements affected for each person are described only in the individualized letters. Rich Products states it has no evidence of fraud or misuse tied to the incident to date.
Because the exposed data originated from an employment background-screening process, the categories of information collected during that process can be sensitive. Individuals who received a letter should review their own notice for the specific data elements identified and monitor their financial and credit activity, regardless of whether any misuse has been reported so far.
What to do if you received a letter
Keep your notice letter
Do not discard it. Your letter contains the enrollment code for credit monitoring and is important evidence if you decide to participate in a lawsuit.
Enroll in the free 24-month credit monitoring
Enroll in the Cyberscout credit monitoring and identity-restoration services (a TransUnion company) offered in your letter before the July 21, 2026 deadline. Accepting this benefit does not waive your right to pursue legal action.
Place a fraud alert or credit freeze
Contact Equifax, Experian, and TransUnion to place a fraud alert or freeze on your file. Request a free weekly credit report from AnnualCreditReport.com, and use the FTC's IdentityTheft.gov recovery guide.
Speak with a data breach attorney
Consultations with Dapeer Law are free and confidential. We'll review your notice, explain your options, and advise whether you may be eligible to join a class action.
Submit your notice for a free review
Two minutes online. A licensed attorney reviews every submission.
Breach timeline
Compensation you may be entitled to
Out-of-pocket expenses
Credit freezes, identity restoration services, and other costs incurred responding to the breach.
Time spent monitoring
Hours spent reviewing accounts, disputing fraudulent charges, and dealing with identity theft issues.
Identity theft & fraud losses
Unreimbursed funds stolen from accounts, unauthorized credit lines, or tax refund fraud tied to the breach.
Statutory damages
Certain state data breach and consumer protection statutes provide for fixed damages regardless of actual loss.
Injunctive relief
Court orders requiring Rich Products and its vendors to implement stronger data security practices going forward.
Compensation categories depend on applicable state law, the types of data exposed, and documented losses. No recovery is guaranteed.
Common questions
I received a data breach letter from Rich Products. What should I do? +
Keep your breach letter, enroll in the free Cyberscout credit monitoring (a TransUnion company) before the July 21, 2026 deadline, place a fraud alert or credit freeze with the nationwide bureaus, review your bank and credit-card statements for unfamiliar activity, and contact a data breach attorney to learn about your options.
Am I eligible to join a class action against Rich Products? +
Notice recipients generally qualify for a free case review. Whether you can pursue a claim, and the value of that claim, can depend on your state of residence, the categories of data exposed in your individual letter, and any out-of-pocket losses or time you have spent dealing with the incident.
How much money could I receive from a class action lawsuit? +
Data breach class action recoveries vary significantly. Settlements typically range from a few hundred dollars for basic out-of-pocket losses to several thousand dollars for documented identity theft, with class size, damages, and negotiation all affecting the final amount. No payout is guaranteed, and this investigation has not yet resulted in a settlement.
What personal information was exposed in the breach? +
The publicly filed notice states that personal data elements contained in a vendor employee's email inbox were accessed, but the specific categories were redacted in the public copy. The exact information involved for you is described in your individual letter. Because the data came from a background-screening process, it can include sensitive personal details.
Did Rich Products offer free credit monitoring? +
Yes. Rich Products is offering 24 months of complimentary credit monitoring and identity-restoration services through Cyberscout, a TransUnion company. The enrollment deadline stated in the letters is July 21, 2026. Enrolling does not waive your right to pursue legal action.
How many people were affected by the Rich Products breach? +
The total number of affected individuals has not been publicly disclosed in the regulator filing. We will update this page as more information becomes available.
Is there a deadline to take legal action? +
Yes. Statutes of limitations for data breach claims vary by state and legal theory, typically ranging from one to six years. Waiting can permanently bar your claim. Contact us as soon as possible for a free evaluation.
How do I get a copy of the official breach notice? +
The notice was filed with the Maine Attorney General's data breach notification portal, where a copy can be requested or downloaded. Dapeer Law can also help you obtain a copy during a free consultation.
Sources & references
- Official breach notice filing · Maine Attorney General, Data Breach Notifications Portal
- Company · Rich Products Corporation (richs.com)
- Credit bureau freezes · Equifax · Experian · TransUnion
- Free weekly credit reports · AnnualCreditReport.com
- Identity theft recovery guide · FTC IdentityTheft.gov
Don't let the deadline decide for you. Submit your claim today.
You only have a limited window to act. Our team will review your notice, explain your options, and tell you whether you may be eligible to recover compensation, at no cost to you.
